In recent years, there has been a strong decline in the use of tangible currency such as dollar bills and coins. For example, recent increases in gasoline prices have apparently driven a change in consumer financial habits, and most drivers now use convenient financial instruments such as credit cards to purchase gasoline.
Unfortunately, credit cards and similar financial instruments are often targets for various types of criminal attack and fraud. For example, in the crudest form, a criminal may physically steal a credit card and physically use the credit card to make purchases at a merchant's physical store. Some purchases with a credit card, such as automated purchases at a gas pump, may not even require a signature from the criminal. Further, even when a signature is required, a cashier generally does not carefully compare the authorized signature on the back of the credit card against the forged signature from the criminal. On rare occasions, a cashier may request a second form of identification, such as a driver's license, from the criminal.
In a more refined form, a criminal may steal information associated with the credit card, but not steal the physical card itself. The criminal may use this information to generate a duplicate physical card, and then use the duplicate physical card to make purchases.
Alternatively, the criminal may use the stolen information directly, without generating a duplicate physical card. For example, the criminal may use the PAN (Personal Account Number) from the front of the credit card, plus the three digit verification number from the back of the credit card to make a purchase over the Internet.
In industry terminology, the PAN may be a first authentication factor, which is used to authenticate that the purchaser is a registered or authorized user of the credit card. In the above examples, either the authorized signature or the three digit verification number is used as a second authentication factor to provide an additional layer of security.
However, the authorized signature is visibly displayed on the back of most credit cards, and thus is relatively easy to forge when the card is physically stolen. Similarly, the three digit verification number is visibly displayed on the back of most credit cards, and is readily available when the card is physically stolen.
Alternatively, other techniques may be used to obtain the second authentication factor without physically stealing the card. For example, a criminal waiter may use a camera to quickly photograph both sides of a credit card before returning the credit card to the registered or authorized user of the credit card. Stealing information during temporary possession of the card will not immediately alert the registered or authorized user of the card that a theft has occurred, because the physical card is promptly returned.
Other criminal schemes are more sophisticated, and may not require even temporary possession of the physical card. Information on or in the card is the true target of the criminal attack, and obtaining permanent or temporary possession of the physical card itself is merely the most obvious method of obtaining the information.
Other similar financial instruments, such as debit cards, are similarly subject to criminal attack. Debit cards typically have a PIN (Personal Identification Number) which is associated with the card. The PIN is not visible on the debit card, but typically is magnetically encoded on the debit card. Thus, a criminal with physical possession of the card may magnetically read the PIN. Further, a criminal may electronically eavesdrop on the communications network carrying a financial transaction and learn the PIN. A criminal may visually eavesdrop on a financial transaction by eyeballing or photographing the registered or authorized user of the debit card physically typing the PIN into a keypad. A criminal may pretend to talk on a mobile phone, while taking pictures using a camera built into the mobile phone. Criminals may be highly motivated, and may be very clever.
Thus, financial instruments such as credit cards are attractive and relatively soft targets for crude or for sophisticated criminal attack.
Hence a need exists for a different authentication factor which is more resistant to criminal attack than signatures, or three digit verification numbers, or debit card PINs. The different authentication factor may be used as a second authentication factor, for example, in place of a signature. Alternatively, the different authentication factor may be used as an additional authentication factor, for example, in place of a signature.